NSA: 'Anonymous Might One Day Hack Power Grids!' Anonymous: 'Huh?!?'

from the cyberfud dept

The fight to ramp up the fear mongering over cybersecurity has reached new and even more ridiculous levels -- in which an "anonymous" government source claims (without quotations) that the head of the NSA, Gen. Keith Alexander, recently briefed the White House claiming that the non-group Anonymous might be able to mount a cyberattack to take down parts of the power grid. The dubious sourcing already makes the story suspect, and without more context, the whole thing seems silly -- especially given that anyone who actually has any inkling of how Anonymous actually functions would question why it would ever seek to shut down a power grid. Anonymous tends to do things either for fun (i.e., for "the lulz") or (more frequently) out of a more vigilante sense of justice (sometimes misguided, but usually well meaning). The attacks are pretty carefully focused on causing temporary inconveniences, rather than lasting damage, as a sign of protest, or on revealing secret info that it feels deserves a wider airing. Attacking the power grid fits with exactly none of that -- a point that Anonymous itself made in response to this claim:

Why would Anons shut off a power grid? There are ppl on life support / other vital services that rely on it. Try again NSA. #FearMongering

But, even more to the point, the WSJ piece is so ridiculous that it's hard not to laugh when you read the following part:

A stateless group like Anonymous doesn’t yet have that capability, officials say. But if the group’s members around the world developed or acquired it, an attack on the power grid would become far more likely, according to cybersecurity experts.

Shorter version: Anonymous doesn’t have the power to attack the grid, but if they were able to get it someday, then they would have it. Got it.

You could go even further. I mean, why not just start listing out other hypotheticals using those ridiculous two sentences as a basis.
I'll start:

That baseball player doesn't yet have the capability to hit a baseball thrown by a pitcher, officials say. But, if he somehow developed or acquired it, his likelihood of being able to play baseball effectively would become far more likely, according to sports experts.

An infant doesn't yet have the capability to drive, officials say. But, if toddlers around the world develop or acquire it, automobile accidents would become far more likely, according to automotive experts.

Prisoners don't yet have the capability to shoot each other, officials say. But, if inmates around the world developed or acquired it, gunfights in prison would become far more likely, according to anger management experts.

Techdirt readers don't yet have the capability to make clueless government officials get transferred to jobs washing toilets, officials say. But, if the community there develops or acquires it, dumb politicians being out of work would become far more likely, according to political pundits.

In what journalistic world is it okay to write something where the entire point of the article is to fear monger about a group having a certain power, and then brush aside the fact that it doesn't have that power... and appears to have no interest or possibility of obtaining that power... but then saying, "boy, if it did have that power, that would be dangerous!" None of the hypotheticals make any sense if there's no info on the interest or likelihood of the group in acquiring or using such capabilities. There is some speculation, based solely on Anonymous' (kinda stupid) idea to try to take down the entire internet to make a statement next month, that the group is moving in "this direction," but it still seems pretty silly.

Furthermore, you have to get 10 whole paragraphs down in the article, before it's mentioned that there really isn't any real "cyberthreat" to the power grid. It seems like that sort of information belongs at the top of the article, along with a message about how the rest of the article is fear mongering about stuff that really isn't likely to happen.

Re: All I can say is this... Crisis

Re: Re: All I can say is this... Crisis

Last I checked, we're actually doing approximately zero about that, so no, I don't think it qualifies. Constructive efforts against real threats is definitely not the idea. It needs to be nebulous, ill-defined, and never ending, by design.

Re:

Anonymous doesn't yet have the capability to run computers without a power source, officials say. But if the group's members around the world developed or acquired it, an attack on the power grid would become far more likely, according to cybersecurity experts who spend their time giving stupid quotes for stupid articles.

Wish I may, wish I might...

"Techdirt readers don't yet have the capability to make clueless government officials get transferred to jobs washing toilets, officials say. But, if the community there develops or acquires it, dumb politicians being out of work would become far more likely, according to political pundits."

One of my co-workers mentioned this to me. My response, without reading the article, was "That's stupid. If they have anyone to worry about it's foreign governments, not Anonymous. The government is just trying to justify a Cyber-PATRIOT act."

Re:

If they have anyone to worry about it's foreign governments ...

I mostly agree, however I've been reading stories on tech sites for months about "hackers" possibly interfering with "Supervisory Control And Data Acquisition" (SCADA) systems; embedded systems used to control this stuff. I imagine that's what this scare mongering's about.

At least one story on /. attracted quite a few experienced SCADA developers who decried the inept way in which this has been deployed in the past, such as clueless managers wanting a web page they can use from home to check on the system. SCADA systems should never be accessible via the net/web. SCADA should always be air-gapped, & etc. In practice, this seems seldom to be the case.

So, I think I'll go with clueless managers over foreign governments, and Anonymous should be the least of their worries.

Re: Re:

The Power Grid ON/OFF Switch is on the Internet

Before chasing after the group Anonymous, let's put the idiots in jail that put the On/Off switch for the Power Grid on the Internet. I mean how stupid was that? Does somebody working at the power company need to get on a web page from home and turn off the power grid?

Why doesn't NSA actually look into what parts of the power grid can be accessed from the Internet and go "fix" that? Oh Yeah, I forgot, you can't take away any civil liberties if you do that........ You just fix the problem and move on..... And besides, that would make more sense.

Re: The Power Grid ON/OFF Switch is on the Internet

A stateless group like Anonymous hasn't yet discovered the super secret, yet google-cached, search engine-listed, and unsecured web page where government officials have chosen to post a big red flashing button that is connected to all the major infrastructure systems with big bold lettering that indicates that this self-destruct button is only to be used in case of emergencies by authorized government officials, officials say. But if the group’s members around the world accidentally googled 'secret government self-destruct button' and found the webpage at the top of the results, an attack on the American infrastructure would become far more likely, according to cybersecurity experts.

Re: The Power Grid ON/OFF Switch is on the Internet

Not only does it make sense but it doesn't grab headlines so they don't do it.

I'm still at a loss to explain why Anon would to something like that as, apparently, so are they. It certainly deflects from the silliness of the on/off switch being out there on the Internet just waiting for someone to break into it.

The Anon people are very dangerous, in that as they don't get what they want, they tend to ramp up. Yes, most of the people involved would not go to extremes, but it only takes a few in the bunch to make it a problem.

Anonymous has made some bold claims, don't be shocked when governments react to it.

Re: Re: Re:

Re: Re: Re:

lol, I have been on the receiving end of their pranks, back when Lulzsec decided to target MMO's. Funcom (anarchy online, age of conan) was like "It's the clients fault, let them eat DT", CCP (eve online) was like "Oh Crap! Kill the tubez! We've been Ganked!"

Re: Re: Re:

Re: Government lover

No they are not dangerous at all, Your own stupidity is what is dangerous. The uneducated masses of mindless fearful idiots like you who will trade their civil liberties and rights for the false security that the corrupt corporate sponsored police state offers you morons. The biggest joke of all is that once you give up your right and freedoms. You will not be given security at all, But your disgustingly overfed corrupt corporate police state "gov" will be what completely destroys all of us.

Unfortunately it is not hackers that are the biggest threat to humanity, it is a fact that governments throughout history and in the present are the biggest thieves, rapists, murders, exploiters, and anything else evil you can think of, Governments are statistically the biggest perpetrators of it. The biggest evils have always been committed by governments time and time again, It is not my opinion, it is a present and historical FACT, and history always repeats itself. Due diligence would of told you this a long time ago if you had of used it in your research.

Re: Re:

"Police in riot gear scare me more than anonymous."

Police getting military surplus for free (drones, tanks, etc) are scarier than anything anonymous does. I think the public recognizes the difference between hacking a poorly secured website vs. blurring the lines between civil police and military.

Re:

Re:

What bold claims involve them taking down power grids? Why is the government reacting to claims by a third party that state they do not have the ability, yet if they did they would have the ability as if such claims were representative of current ability and will?

Re:

The real problem wouldn't be anonymous gaining the ability to hack the power grid. The problem would be why there are any controls for the power grid connected to the Internet. Whoever connected those controls to the internet should be tried for treason.

You don't put things that need to be completely secure on the Internet for a reason. If the power grid's on the Internet, might as well put all our military plans on mediafire and post the link all over the Internet.

Re: Re:

Re:

Hey if you remember the Mexican anon group and how they backed down when real people were being threatened they are normal people with a slight computer skill and a knowledge of corruption not terrorists

Re: Re:

Re:

Maybe, have you ever considered that maybe going to extremes is exactly what is needed to change how our government is functioning? Anonymous is not dangerous to everyday people, only to large corportations and Politicians. And also, please explain how dangerous they really are, because I have no heard of a way to end a life using a computer.

Re:

this is just the sort of article that thick, moronic politicians are all over. any excuse to make out that there are even more laws needed to stop people from being able to do something that they are not in the least bit interested in doing! how long before a bill is introduced? I give it about a month!

Once again Mike...sensationalize it so people read it.

Yes, one day, they MAY! If that means they can further their stupid agenda, then yes, they will use whatever means is available to them. Imagine all the fookin' 13yr olds in ANON turning off power to a town. They'd all cum in their pants over that one....

Re: Once again Mike...sensationalize it so people read it.

I'd ask what your expertise was in the psychology of 13 year old's, but judging by your ad hominem name and the content of your comment, you seem to be an expert on the subject matter... or a 13 year old.

Re: Re: Re: Once again Mike...sensationalize it so people read it.

Re: Once again Mike...sensationalize it so people read it.

They'd all cum in their pants over that one....

Too bad our oppressive overlords and their corporate masters are already soaked at the thought that Anon may be able to do this one day and that they can further control the sheeple with alarmist fear-mongering.

Re: Re: Once again Mike...sensationalize it so people read it.

Re: Once again Mike...sensationalize it so people read it.

So mike is sensationalizing an already sensationalized article...
yo dawg, I heard you like sensationalizing! So, we sensationalized your sensationalized article so you could freak out while you freak out (over nothing)

Re:

NSA Remixing

The NSA is just remixing, tell me if you haven't heard this before:

Iran doesn't yet have the capability to develop nuclear weapons, officials say. But, if they somehow developed or acquired it, the likelihood of being able to use such weapons effectively would become far more likely, according to most war hawks.

Re: NSA Remixing

Re: NSA Remixing

Iran doesn't yet have the capability to develop nuclear weapons, officials say. But, if they somehow developed or acquired it, the likelihood of a cyber attack using a mysterious worm would become far more likely.

I get a funny feeling when I hear one of the probably most-active cyber attackers in the world ostensibly tremble in fear of a band of ragtag script-kiddies.

Re: Re: NSA Remixing

I get the feeling that the government doesn't want people to know it has actual hackers that actually know what they're doing. You always hear of China hacking the US, but never the other way around. Maybe I put too much trust in the government, but they're definitely hiding their hacking.

-NSA doesn't yet have the ability to spy on every single American, but if they do... Oh, wait. Yes, they do. And they want more authority. But we can trust them. It is probably OK. They would never use their power for evil or for anything like monitoring political descent or trying to boost the businesses of lobbying groups.

Someone's been watching way to much Live Free or Die Hard, which if they care to watch through to the end they would know that even if such an attack was performed, Bruce Willis would proceed to beat the bejeezus out of those responsible after a wildly improbable and incredibly flammable chain of events.

1. Hack into the bank accounts of all MAFIAA organizations as well as those of all politicians who support them, and empty those accounts completely. Without money, these parasites have no power.

2. Hack into the mainframes of the MAFIAA organizations, expose all of their files online, and then destroy those mainframes via viruses or other means. Without their records and with clear exposure of all of their secrets, they would be crippled even further.

3. Hack into the broadcast spectrum and replace all the current TV programming with their own for an hour or so which would feature information and visual aids to educate the masses about what the government and big corporations are really doing to them and why, and where to go to get more information.

'Techdirt readers don't yet have the capability to make clueless government officials get transferred to jobs washing toilets, officials say. But, if the community there develops or acquires it, dumb politicians being out of work would become far more likely, according to political pundits'

Hahahaha...that bulletpount made me smile, mike. Nice one. If only that could happen.

Re:

Making policy due to theoretical scenarios is unwise, since potential does not equate to actual. One most work from what has actually occurred and actual evidence, not from what might occur. Governments have no right to play "what if" with our rights.

If the NSA is actually CONCERNED...

If the government is actually concerned about the security of the power grid, why don't they pass a regulatory rule that prevents cross connecting any of those systems with the internet?

I still haven't heard even ONE good reason for why the "computers _controlling_ our power grid" should be connected to the internet in the first place.
There is NO reason to do that unless you are TRYING to cause security problems.

Re: If the NSA is actually CONCERNED...

Re: If the NSA is actually CONCERNED...

Industry already has regulations in place. Anybody can peruse the standards should they wish. Problem is, until the government controls everything through their ever expanding bureaucracy we will never see the end of the FUD.

The only way this could happen is if a terrorist group gained control of Anonymous. Anonymous has never attacked any power grids or any services that emergency services rely on.

They only attack websites of businesses and government agencies that openly attack the freedom and civil and human rights that are attacked by those in the business community and in government.

Maybe if businesses and governments acted with common sense and stopped persecuting individuals and shutting down websites at the behest of special interests and wealthy businesses and corporations then Anonymous wouldn't be defending these websites like Wikileaks or many of the other groups that constantly have their civil rights violated.

It's time for businesses and government agencies to start acting responsibly and stop acting on the behalf of wealthy interests.

Let me try...

"Morons currently don't know how to keep criticle systems off the internet so they can play MAFIA WARS but if they should someday get the know how to be smart, they might actually do it! THINK OF THE CHILDREN'S PUPPIES!!!!

News?

I seem to remember a time when U.S. news agencies reported on events that had actually happened. You had to go to campaign advertisements to get to this level of what-if. Or maybe I'm just remembering it poorly through the filter of childhood.

From the United Hackers Association with love....

christ give me a god damn break ....who the fuck is running the world these days? THEY all sound like a bunch a mental patients.

LIKE for real ....a power grid? like hte post says there are people in hospitals and at home that require power ...YOU go at what counts and does least harm to real people while showing that they are at fault in there polices of censorship and restricting free speech.

CHRoNo§§
President of the UHA.

P.S. Get your debts paid before you complain.
P.S.S. I don't have any debts.

YA can't prove a negative

they are trying to prove a negative can happen and be provable to justify an action and as it cant be there argument dies.
ITS the same bs the govt spewed about UFO's for project bluebook. JUST reverse and send it back.

I Need Protection

I am really hurt that you don't care about me. Don't you understand that by design, I am very unstable, just look at what happened in 2003. My last update was to Windows ME!

And worse, all of the control systems, every single piece of switch gear, every transformer disconnect switch, all my historical data, all your personal billing information and power usage, is all live online.

No one setup networks such that only direct control was possible via a human operator, no one setup the information to be read-only, no one completely isolated all the control interfaces from the Internet. Just log-on as "Admin" and type "12345" as the password (same as my luggage) and you could shut down the world!

Don't ask me how all those gateways, site servers, data centers, routers, and home computers will work (let alone the lights) if I go down, as I don't understand these things. I'm just a power grid.

Just fear my destruction by terrorists, oh and don't forget to thank Hollywood for the idea (Live Free or Die Hard).

Re:

because the experts ($$$$) tell them it is cool to have, and they have the widget 1000 that makes it happen.
The widget 1000 is the best state of the art and has awesome security, a hard coded password of 12345 just like your luggage Senator.

Of course the first time something goes wrong they will blame it on hackers, and offer up the widget 1500 that costs twice as much and the hardcoded password is 1234.

Lather rinse repeat.

Everything just works better if you can connect it to the net somehow, so this is why these super critical systems need to have an unfettered pipe to the net plugged into them... well that and the Janitor likes to play Angry Birds.

Re: Re: Re:

Re: Re: Re: Re:

of course!... but with such a clever ploy no one will be able to break it! then you wouldn't be able to sell newer, shinier and most importantly costlier software "upgrades" to the cump- I mean customers...

Re:

Re:

Can't you just hack it through your thermostat or something?

Why yes, that's exactly how I hack into the grid. I do it sitting on my throne whilst petting my fluffy white cat. I learned the 'Thermostat Ploy' during my time at NSA, before they kicked me out for going bald.

Not only would anon not bother with something like this, but I think they would find it a very difficult target. I work in IT at a major electric company and there's a super stringent set of rules for utilities to follow called NERC CIP, that apply to critical infrastructure like this and carry heavy penalty for violating

You know, maybe Anonymous might have the power, but they won't use it, ever. What I don't understand how this got into the news at all. This makes those pushing for cybersecurity look real bad.
Also, I wish we had the ability to put dumb politicians into jobs washing toilets.

Analogies

Your analogies are too generous Mike, they are things that the subject might want to do given the ability. A better example would be imo

Fish don't have the ability to cycle to the shops, officials say. But if they were given bicycles, or indeed learned how to make them, seeing trout at wall-mart would be much more likely, according to nature experts.

You know...

Maybe this isn't so far-fetched after all. I mean, anonymous is everyone and everyone is anonymous, right? Who's to say that someone who actually works at one of these power plants one day won't don his Guy Fawkes mask, and push the big red button?

Not that this would be a bad idea, look after Katrina, Japan and other natural disasters I know that trusting your entire life to the government is just reckless disregard for life, one should empower oneself and build his own frigging grid which is in reach today.

There are power generators that use the power of the sun to produce hydrogen, some use methane gas to produce hydrogen and they can work indefinitely as long as they are maintained properly, then there wouldn't be a problem with power grid disruption.

If the government want a robust power grid build a distributed power grid that will be resilient to any attack on it ever, since to disrupt it, it would need to destroy every freaking home in America to do it.

When emergencies arrive every citizen could donate part of their energy production to critical infra-structure like hospitals and police departments, it would be indestructible.

But no, what we hear is that we need a more bigger great centralized single point of failure system.

Axis of alignment

If I had to put anonymous on the DnD axis o' alignment, I would say they would be somewhere between Chaotic Neutral and Chaotic Good. Anonymous would never do anything like shut off a power grid. ridiculous!

I don't think its so much fear-mongering as prognosticating.
I'm pretty sure that there are plenty of terrorists and dissidents already working under the Anonymous banner trying to rally their particular cause. I guarantee that it is a safe bet that as soon as an exploit is found to control some of the power grid, part of it will get shut down. Just because one or two of the Anonymous mesh says "I'd never do that.", one or two more will salivate over it.

Re: Anonymous Kicks @ss

"especially given that anyone who actually has any inkling of how Anonymous actually functions would question why it would ever seek to shut down a power grid."

Anonymous is not a monolithic entity, it's a decentralized network of people with little, if any, leadership. and I do not agree with much of what the group does and some of it very well seems to be for attention. It wouldn't surprise me that Anonymous would take down power grids if it were within its power to do so, though there are probably more efficient ways of doing so (ie: throw something at an important transformer).

What's ridiculous is the idea that our power grids are somehow tied into the Internet in a way that can enable them to be hacked and taken down. Either that's just made up fear mongering or someone is managing power grids very poorly (and we've had power grids long before we've had the Internet, so there is no good reason that a cyber attack should be able to take down a power grid).

The problem is that politicians are/pretend to be so clueless that they will (pretend to) believe anything. It's so easy to fool them or at least to have them pretend to be fooled.

Power grids - unlikely stability.

When that major failure in the Northeast happened several years back, I remember early cries of terrorism. My reaction: "It has to be an accident, no government could have coordinated something this big without 50 years lead time and a staff large enough to populate a small nation. Forget about a group of terrorists doing it."

About the only way I could see a really large induced failure would be coordinated physical attacks on the major switching points. And even then the failure-to-take-out ratio would be so high that the results would be limited.

Analog DOS Attack

A stateless group like Anonymous "doesn’t yet have the capability to sneak into the Pentagon and flush all the toilets at once," officials say. But if the group’s members around the world developed or acquired it, "poo-covered Major Generals would become far more likely," according to cybersecurity experts.

OFFICIAL STATEMENT FROM ANONYMOUS

Greetings NSA,
We are Anonymous.

Your statement regarding the potential future sabotage of power grids by Anonymous, disgusts us to the core, as it is clearly an attempt at fear mongering. The idea that Anonymous would shut down one of the most vital resources for it to operate, is ludicrous.

While security and intelligence organizations throughout the world attempt to depict Anonymous as a 'terrorist organization', many people understand that this same subset of Anonymous they speak of, is actually a movement for freedom. This appears to scare government organizations, to the point where they might do anything in an attempt to discredit Anonymous, and make people believe Anonymous exists solely to harm innocent people.

Are these claims and predictions an attempt to falsely accuse Anonymous of something that will happen in the future - maybe even being orchestrated by the same government organizations that are now already blaming Anonymous? Many people have warned about the sad state of the power grid infrastructure in the past, but why would we shut down our own computers and other communication tools?

Thousands of people rely on electricity for everything they do; hospitals even need this electricity to save lives, and taking out the power grid would cause harm to the very people we wish to protect.

There is no valid reason for us to shut down the power grid, as far as we are aware. Any such predictions by the various government, security, and intelligence organizations are likely attempts to instill fear into those that don't understand this, and to discredit Anonymous as a whole.

We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
For once don't expect us.

I think the real story is that the government is planning on shutting down the power grid and blaming Anonymous. Or the government will just wait for the next rolling blackout affecting a million or more people and blame Anonymous for that.

The implication is clear - we need decentralized power.

So, how are solar panels doing these days? Anything else we could use to power an off-the-grid home? Small wind turbines, maybe?

In what journalistic world is it okay to write something where the entire point of the article is to fear monger about a group having a certain power, and then brush aside the fact that it doesn't have that power... and appears to have no interest or possibility of obtaining that power... but then saying, "boy, if it did have that power, that would be dangerous!"

You mean like how all the media, and all the presidential candidates (minus Ron Paul), claim that Iran is a dangerous threat?

Fact: The CIA's own internal documents state that they estimate Iran is roughly 10 years away from being capable of creating a nuclear weapon. Their documents also state that they have found zero evidence that Iran even wants to or intends to obtain a nuclear weapon. The CIA's internal documents have come to the conclusion that Iran poses no threat.

Fact: Iran and Iranian president Ahmadinejad have stated many times publicly that Iran has no intention of ever obtaining an atomic weapon. Iran believes that "the time of nuclear weapons has ended". Ahmadinejad has stated that "nuclear weapons are useless in political and foreign policy". "Was the nuclear bomb able to prevent Soviet Russia from collapsing?" "Did the nuclear bomb prevent or win the wars in Afghanistan or Iraq?"

Fact: Iran has submitted more documents to the IAEA (International Atomic Energy Agency) than any other nation in it's history. The IAEA has stated numerous times that Iran's nuclear program is of a peaceful nature, and that no noncompliance or deviation was found on the part of Iran.

Fact: Iran's nuclear program facilities are open to international inspection and have been inspected by more nations and more times, than any other nations nuclear program facilities.

Fact: Iran has not attacked or invaded another country in over 200 years. The only battles it has fought in that time have been defensive battles.

Yet every presidential candidate, minus one, and quite literally every mass media outlet is running around screaming "Iran is a threat!" "They want to kill us all!". Fear mongering has long become the very basis of the presidential election campaign, the mass medias favorite tool for herding the sheeple, and every politicians favorite means of legislating the citizens civil liberties and rights away. They can't agree on anything, or get anything done. Except for when it comes to taking your rights away, then they're ALL on board.

In what journalistic world is it okay to write something where the entire point of the article is to fear monger...

The newspaper world, for one, where that is a time-honored tradition called "yellow journalism" that goes all the way back to William "You furnish the pictures ..." Randolph "... I'll furnish the war" Hearst.

To the NSA

You dumb shits how stupid do you fucking think we are?!?! Anonymous would never do such attack nor would they support such thing! You are just trying to put fear into people so you can have more control and power. I have seen what was posted on past bin talking about "Anonymous" will hack the power grid and turn off the power or the internet for 24 hours for protest against SOPA. That in fact is not true. NSA you are too fucking stupid! If it does happen we all know that you have done this to pull a false flag so that way you can have more power to control the internet. We all know what you organization is. You Spy on everyone and for order for you to spy some more you need more control of the internet so you have posted on past bin claiming to be Anonymous to get what you want.